Security Blog

Feature development & monitoring tips

Category: Technical Blogs

February 17, 2020

PHP Deserialisation/Object Injection

PHP deserialization vulnerabilities are rarely seen on greybox application assessments, but they should not be overlooked. This blog looks at PHP deserialization/object injection, covering how these vulnerabilities can be spotted and the exploit code required to read local files.

January 27, 2020

Injection Attacks

Injection attacks are 1st in the OWASP Top 10 list of vulnerabilities, and they are not limited to SQL injection. Here we talk about the different types of injection attacks.

January 10, 2020

Masquerade, cracking hashes with known formats

As a penetration tester, cracking hashes can be a great post-exploitation activity for both the fun and the value to a client, providing a great way of showing the severity of an issue (but mostly for the fun). In this blog I’ll give you an in-depth look at cracking hashes with known formats.

July 18, 2019

Windows IPv6 – Part One

We are all aware of IPv6, but are we aware of the current threats associated with default configurations? What is the new threat landscape with IPv6? Should we turn a blind eye and hope it disappears? In this 2-part blog series I’ll cover the most relevant IPv6 details and attacks.

June 17, 2019

Help me, Git. You’re my only hope.

Git is a great version control system. We all probably use it every day without thinking about what else it can be used for apart from version control. With some plugins, a few extra commands and the use of one or two tools, it can improve your development skills and general day-to-day working life.

May 9, 2019

NoSQL Injection (Part 1 of the SQL Series)

SQL injection is a very common critical vulnerability, and for years it has been listed in the OWASP Top 10. Many developers are aware of it and know how to prevent it. But with the rise of NoSQL databases, are you familiar with potential NoSQL injection vulnerabilities?
